Compliance alliance: Identify problems, but work with team

Understand the core factors that cause noncompliance

Often the best research compliance programs are not the result of overnight inspiration, but are developed through a long, experience-building process.

"Our compliance program is the product of 15 years of experience in the field," says George Gasparis, executive director of the human research protection program at Columbia University in New York, NY. Gasparis was a co-author of a research compliance poster presented at the 2009 PRIM&R Advancing Ethical Research Conference, held Nov. 15-16, 2009, in Nashville, TN.

The goal of a solid compliance program is to contribute to an institution's checks and balances with regard to human subjects research. Audits should be done confidentially and with respect for investigators and sites, Gasparis says.

The Columbia University compliance program has a three-step process that begins with investigating to identify noncompliance, auditing study sites to pinpoint problems, and reaching conclusive findings followed by decisive corrective action, Gasparis says.

"Once you identify noncompliance, how do you investigate them in a manner that has integrity, fairness, and comes up with conclusive findings that can be acted upon," he says.

Here is how the program works:

1. Identify noncompliance: "It's important that everyone within the operation is able to first recognize something that might be noncompliance and is able to report that efficiently to the compliance team," Gasparis says. "So we have an intake form for reporting an allegation of noncompliance."

Compliance office staff can use forms to provide a quick assessment of potential noncompliance, how the information was discovered, and any additional information.

Columbia uses two forms. One is called the allegations of potential noncompliance reporting form, and the other is a reporting form for research concerns or complaints, says Jessica Randall, MA, CIP, an audit specialist at the Columbia University IRB.

These internal forms are completed by someone in the compliance office and are used as a guide to obtaining the pertinent information when a caller has allegations of noncompliance.

Part of identification is education. Research staff needs to be taught what constitutes potential noncompliance when these issues should be reported, Gasparis says.

"We train staff for this, and this week we'll have a revised compliance policy on our Web site," he adds.

The policy will have a revised appendix that lists certain common and very minor incidents of noncompliance that should be handled by the IRB and not the compliance office, he says.

"It is more efficient for the IRB to incorporate the consideration of these minor noncompliance examples within their review rather than reporting them to the compliance team," Gasparis says.

These are very specific types of minor noncompliance.

For example, when a human subjects research project is up for renewal, but the investigator has submitted the continuing review paperwork too late and the study lapses, it is noncompliance for any activity to continue on that trial, Gasparis explains.

The appendix specifies that if the research site is analyzing data or continuing to do a minimal risk survey during that period between when the study's IRB approval has expired and before it's renewed, then it's a minor noncompliance issue, he says.

This same example would be considered serious noncompliance if the trial site were to enroll any subjects during the lapsed period, he adds.

2. Conducting the noncompliance audit.

Gasparis meets with the compliance oversight team, including Randall, once or twice a week to discuss audit cases.

"We discuss what the allegations are, how we investigate these, how the investigation is proceeding, and how to provide recommendations, follow-up, and monitoring," he says.

The first step is to determine whether an allegation actually has merit.

"First we conduct an inquiry to see if the noncompliance allegation is authentic," Gasparis says. "We do a quick review and pull up a database search."

For instance, if someone has called about a potential noncompliance and gives a common surname for the investigator, it could be the person has the wrong investigator. Or, sometimes, people call about investigators who are at a different institution. So the compliance office checks to make certain any allegations pertain to actual investigators and research at Columbia.

When the noncompliance is genuine, the next step is to see if it requires a full chart review, partial chart review, or some other level of investigation.

"Is it appropriate to go on the site and look at files?" Gasparis says.

If a potential noncompliance results in a "yes" answer to any of these three questions then it's likely the case requires an onsite audit:

  • Does the study pose greater than minimal risk to subjects?
  • Is there the potential that subjects could be harmed?
  • Is there very serious noncompliance?

An example of noncompliance that might not require an audit would be one where the investigator reported that he did not document the signed informed consent. But he then gives the compliance office a copy of the IC. A compliance oversight specialist checks the database and sees there are only two subjects enrolled, so the specialist requests a copy of the signed IC for the second subject, Gasparis explains.

"Once we have that form, we have the information we need, and we don't have to go onsite to confirm it," he adds.

For compliance issues that require an audit, compliance officials might decide to first conduct a partial review of records. If the sample reveals a noncompliance trend, then they could decide to conduct a full record audit.

Once an audit date is selected, audit specialists send an audit preparation sheet to the investigator and trial staff.

Then the audit specialist visits the site, using either a not-for-cause audit form or the for-cause audit form, depending on the circumstances.

3. Document outcomes from the investigation.

A chief and universal outcome of a noncompliance finding after an audit is to provide education and training to research staff.

"It's essential that every incidence of noncompliance has education and training as one of the actions," Gasparis says. "Something went wrong, and there has to be an awareness of what was wrong and how to do it right."

The goal is to prevent future noncompliance and problematic trends.

"Sometimes we'll recommend researchers use tools, such as Excel spreadsheets, or that they implement processes to prevent this problem from happening again," Gasparis says.

Also, research sites will have to write and implement a corrective action plan (CAP) based on the compliance office's recommendations.

This can include staff changes in events where a noncompliance problem was caused by one individual on the study team. Or it could be a situation where the research site did not have enough resources, so they would have to come up with a plan for hiring additional staff, he suggests.

"Maybe there was a breakdown in the process and simply implementing a couple of key strategies would prevent it from occurring again," Gasparis says. "So it's important to understand the core factors that cause the noncompliance and come up with a solution to prevent it from happening again."

For instances of serious noncompliance, audit specialists will put the research site on a schedule for monthly audit checks to ensure the CAP has been implemented, he adds.

"Or we may expand the audit to other studies by that investigator," he says.

A compliance program's auditors should keep in mind that not all investigations end with findings of noncompliance, Gasparis notes.

"Sometimes one will find through an investigation that a study actually was conducted very well," he says.

"So it's important that one does not assume that someone is guilty until the investigation is conducted," he adds. "And you should preserve the reputation of the researcher or research team."